I suppose the configuration of tomcat with LDAP/AD is about logins (e.g. the Realm). Therefor Natalia is correct: You’ll have to query your LDAP-Server for more info. The comment field is too short for this comment, so I’ve opted for another answer, stating the same.

The reason for this is, that the Realm interface provides a Principal, that just contains the username and the possibility to query, if the current user is in a given role (it doesn’t even provide all the roles that a principal is in). This is sufficient for the purposes of getting access restrictions based on URLs into web.xml. It does not aim at being your central point of contact with everything that is stored in your user database.

If you don’t use the user-id but just want it substituted by the full user name, you can easily write your own LDAP Realm by looking at the tomcat installation, creating a new Realm implementation and adding a jar with this implementation to TOMCAT_HOME/lib (for Tomcat 6.0). Of course you need to reference this implementation from your TOMCAT_HOME/conf/server.xml instead of the standard tomcat implementation.